Malware at D/L, but not in file?

I was DLing a file and Comodo reported vast numbers of malware. I finally downloaded the file, using Exclusions. When I scanned it, no malware came up.

I submitted the file for checking and they also found no malware.

That’s as far as I can see what happened. Can this occur and why?

Thanks for any help

Nick

Did you remove the entries from exclusion after download?

Thanxx
Naren

Thanks for the reply.

No. I did not know how until afterward. Also, the file submitted to Comodo’s lab came up clean.

Nick

Without knowing what the alerts said, it’s impossible to say what might have happened.

Well it’s a pretty standard Comodo malware warning AFAIK. See attached

[attachment deleted by admin]

Looks like it was most likely just flagging the file due to its packer. Some compression algorithms are favored by malware creators, so files packed by that method are considered suspect. Since scans came up clean, it’s just a false positive.

Can you please compare the Heuristics settings between ‘Real-Time’ and ‘Manual’ scan settings? It’s possible that this causes the difference in detection.
As said, it’s a ‘general packer detection’, not necessarily malware by that alone.

It happens sometimes with Comodo AV. When Firefox version 3 was released, I tried downloading it from the official site. On clicking download, a CAV alert came up & I clicked clean, but the download window appeared & when I clicked save it gave an error. I didn’t close the site & clicked on download again & the same thing happened. The third time the same thing happened as well. And on the 4th time there was no CAV alert & the file downloaded fine. No malware was detected on right-click or when running the file. I tried 4 times because I thought this is the Firefox official site & it’s a safe & popular browser, so how can there be malware in it?

I don’t know why CAV detected it 3 times but not the fourth time.

When I read the PCMag review of CIS 5, Neil had mentioned that, of whatever malware CAV detected, when he made some changes to them CIS missed more than half the samples, & when he inquired about this with Comodo, “They said that CAV is in CIS for just usability & therefore not flexible enough”. I didn’t like this statement from Comodo but… Anyway, sorry for being a little off-topic & boring you, friends.

Thanxx
Naren

Thanks for the reply.

OK. The heuristics setting in real time is low and in manual it’s medium. Does that make sense?

HAH! Ya can’t win!

Not boring. A rather interesting quote???

Could be; you could test by setting real-time heuristics temporarily to medium also and see if the real-time engine picks up on it then…

I will give that a go…when the site lets me start downloading again. They are a bit careful with the stuff, and the incomplete downloads counted until I was blocked out.

Excuse the name change BTW. Just housekeeping

It’s hard to tell, but altering the realtime to medium seemed to make it stop. So it looks as if heuristics become more flexible as the level is raised?

No, they actually get more sensitive as they are raised. In other words, the higher the setting, the more false positives you’re likely to encounter.

??? OK I mean that makes logical sense, but I need to look into that, because it was real time that was low and now it’s medium.

Trouble is only some of the files came up as bad and I am not sure which ones.

I will have to leave it, because this site is so touchy about downloads being repeated.

So. Thanks for the input.